Home page logo

metasploit logo Metasploit mailing list archives

Re: Deploying a webshell
From: hex <hex () neg9 org>
Date: Sat, 30 Apr 2011 16:50:38 -0700

I just ran in to this exact problem and my solution was almost exactly
the same (I built a war using one of the jsp backdoors form
fuzzdb)... and my thoughts were exactly the same. I see no reason the
communication channel for a shell couldn't be via http. 

I'm really new to msf, so I don't know how helpful I could be, but I'm
very interestined in what you come up with.

At Sat, 30 Apr 2011 23:27:53 +0100,
Konrads Smelkovs wrote:

[1  <multipart/alternative (7bit)>]
[1.1  <text/plain; UTF-8 (7bit)>]

I want to build a webshell as payload as I've been in situations where for
web based exploits like jboss either reverse/bind shell doesn't work or host
is firewalled and only incoming http is permitted. So far, my approach has
been to hack the appropriate exploit to deploy a basic webshell (hacked
exlploit attached).
Are there any development initiatives I can latch to regarding webshell
deployment? If not, what would be the best approach to take in developing -
do a one-off and ignore errors/payloads at all, make webshell as payload
(and if so, how to build a new communications channel?)

Ideas appreciated
Konrads Smelkovs
Applied IT sorcery.
[1.2  <text/html; UTF-8 (quoted-printable)>]

[2 jboss_bshdeployer_shell.rb <application/octet-stream (base64)>]

[3  <text/plain; us-ascii (7bit)>]

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]